On Tue, May 01, 2007 at 04:33:02PM -0700, Fong Vang wrote:
> The documentation for Xen mentions that iptables in dom0 may affect
> domUs. If iptables and ipvsadm is heavily used in a domU, how does this
> impact dom0?
Depends on how your network is setup.
> In my particular case, I want both dom0 and ONE domU (FW_domu) to be visible
> to the external network (eth1). There will be several other domU's that
> will be behind FW_domU).
>
> as far as the domUs are concerned, this is the layout.
>
> FW_domU
> |
> LB_domU
> |
> +-----+--+--------+
> | | |
> domU1 domU2 domU3
>
> what's the best way to set this up. LB_domU runs LVS (ipvsadm). Is this
> configuration even supported in Xen.
It's supported, but complex. You're going to have to know an awful lot
about bridging, routing, and such to be able to set this up and keep it
running in any sort of good order. If I were consulting on this, I'd
question the underlying assumptions that have led to this design first, as
there's probably some much simpler way of laying it all out. But the
diagram above, if given as a virtual network layout, is certainly doable, if
perhaps not optimal.
You can certainly run both iptables and ipvsadm in a Xen domU; it's been an
integral part of one of my clients' setups for about 9 months now, and it
works a treat.
- Matt
--
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|